Analysis
-
max time kernel
95s -
max time network
44s -
platform
windows7_x64 -
resource
win7-20220812-en -
resource tags
-
submitted
14-09-2022 14:54
General
-
Target
1240-57-0x0000000000120000-0x0000000000142000-memory.dll
-
Size
136KB
-
MD5
efb5f7159bc194e25cea0d3402da2501
-
SHA1
8ef75319ba4186331bdcce64e586304907047857
-
SHA256
7b4e8bdfed375e3d82a47743e185c82b5474f1358e4a78fee68d1beb4320b65c
-
SHA512
12cd2181b09f061d9f4e1b0c1927d370cec0aa99480a73476eb2c61f1abb2cedf4ff801e368278786baf160eeac85ab813c07ceb8831f5ad18f81805dec86787
-
SSDEEP
3072:m9NzPp1RYGqwBLLFqGAnJ0632wTBfFGQaFAy:+rvRYpwBLL8jnJd32wTB9JIF
Score
1/10
Malware Config
Signatures
-
Suspicious behavior: EnumeratesProcesses 42 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious use of FindShellTrayWindow 64 IoCs
-
Suspicious use of SendNotifyMessage 64 IoCs
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1240-57-0x0000000000120000-0x0000000000142000-memory.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1240-57-0x0000000000120000-0x0000000000142000-memory.dll,#12⤵
-
C:\Windows\system32\taskmgr.exe"C:\Windows\system32\taskmgr.exe" /41⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1428-54-0x0000000000000000-mapping.dmp
-
memory/1428-55-0x0000000075071000-0x0000000075073000-memory.dmpFilesize
8KB
-
memory/2028-56-0x000007FEFB821000-0x000007FEFB823000-memory.dmpFilesize
8KB
-
memory/2028-57-0x0000000140000000-0x00000001405E8000-memory.dmpFilesize
5.9MB